Find a Question:

FossHub served some downloads malware after hack

Aug

3

2016

Fosshub, a site where foss available software is been hacked some time. As a result, some Windows installation files from popular applications were replaced with malicious software that overwrites the master boot record. FossHub is currently offline.

Classic Shell MBR hack FossHub gave no explanation, but at the moment the site is offline and no files can be downloaded. Several programs, including at least Classic Shell and audio editing program Audacity, to go offline from the website were presented with malicious content. The payload made the MBR of the hard drive has been overwritten. It does not appear that the malware then doing something else overwriting the MBR. That’s annoying, but solvable.

The first mention of strange behavior was on the Classic Shell forum. During the installation got to see the appropriate forum user that the file came from untrusted source. The user installed Classic Shell anyway and after a restart, he came straight into the bios correctly. Not much came later on Reddit also reports within about Audacity and possibly other applications.

After overwriting of the mbr, is to start up it is no longer possible to normal. How the hackers were able to provide precise access to FossHub, is not entirely clear. However, says hacker group Cult of Peggle in a tweet that they had wholly owned temporarily FossHub and they also had access to the email of the admin.

Many open source projects serve downloads of their applications through their own servers. These projects often refer to sites hosting files like SourceForge or Fosshub. Audacity link from its download page, for example, directly to the files on FossHub.